Web host GoDaddy was hit by a major data leak, affecting some 1.2 million of the Managed WordPress hosting environment’s customers.
According to hosting provider GoDaddy, hackers gained access to the Managed WordPress environment using a misappropriated password. The setup environment of the codebase for the managed WordPress environment was compromised.
The hackers accessed data of as many as 1.2 million active and inactive users of GoDaddy’s WordPress service. This includes email addresses, telephone numbers and users’ managed WordPress admin passwords. The SFTP and database user names and passwords were captured as well. Lastly, SSL private keys were compromised, albeit on a smaller scale than the data mentioned afore.
GoDaddy has since taken measures to limit the impact of the attack. The leak was clogged. In addition, the hosting provider has reset SFTP, database and admin usernames and passwords. Customers with leaked SSL private keys will receive new certificates. GoDaddy advises affected customers to watch for possible phishing attacks.